4 replies

Claim tenant did not pass validation in multitenancy

Hi, i have multi tendency in my project which let user no tendency or based on his host and put it inside plug

For example

 def call(conn, opts) do
   ...
      {tenant, x_tenant} =
        if check_explicit_no_tenant(conn), do: {nil, "none"}, else: {site.id, site.id}

      conn
      |> Ash.PlugHelpers.set_tenant(tenant)
      |> put_resp_header("x-tenant-id", x_tenant)
      |> assign(:current_site, site)
end

 def call(conn, opts) do
   ...
      {tenant, x_tenant} =
        if check_explicit_no_tenant(conn), do: {nil, "none"}, else: {site.id, site.id}

      conn
      |> Ash.PlugHelpers.set_tenant(tenant)
      |> put_resp_header("x-tenant-id", x_tenant)
      |> assign(:current_site, site)
end

Many actions works with it but when i want to generate token, i have a problem

For example if the tenant is nil i have no problem but if i pass tendency i get this debug

[debug] Claim %{"tenant" => "699debb0-9606-44d3-b824-c6763405cc34"} did not pass validation.
Current time: 1755167657
[debug] forbidden: Forbidden | forbidden

[debug] Claim %{"tenant" => "699debb0-9606-44d3-b824-c6763405cc34"} did not pass validation.
Current time: 1755167657
[debug] forbidden: Forbidden | forbidden

for bypass this in

sign_in_with_password

sign_in_with_password

after i get my data i force it to have tendency

nil

nil

read :sign_in_with_password do
    description "Attempt to sign in using a email and password."
    get? true

    ...

    prepare fn query, _context ->
    query = Ash.Query.set_context(query, %{private: %{ash_authentication?: true}})
    current_tenant = query.tenant

    query =
        if current_tenant,
        do: Ash.Query.filter(query, site_id == ^current_tenant),
        else: Ash.Query.filter(query, is_nil(site_id))

    query |> Ash.Query.load(:site)
    # To make sure all tokens is from none tenant
    Ash.Query.set_tenant(query, nil)
    end

    # validates the provided email and password and generates a token
    prepare AshAuthentication.Strategy.Password.SignInPreparation

  ...
end

read :sign_in_with_password do
    description "Attempt to sign in using a email and password."
    get? true

    ...

    prepare fn query, _context ->
    query = Ash.Query.set_context(query, %{private: %{ash_authentication?: true}})
    current_tenant = query.tenant

    query =
        if current_tenant,
        do: Ash.Query.filter(query, site_id == ^current_tenant),
        else: Ash.Query.filter(query, is_nil(site_id))

    query |> Ash.Query.load(:site)
    # To make sure all tokens is from none tenant
    Ash.Query.set_tenant(query, nil)
    end

    # validates the provided email and password and generates a token
    prepare AshAuthentication.Strategy.Password.SignInPreparation

  ...
end

As you see i did like this

Ash.Query.set_tenant(query, nil)

Ash.Query.set_tenant(query, nil)

, but i do not want to do this, where is my problem?

By the way my user can with nil
tenant
tenant
(master account) or can be with a site and i check the tenant id is same in my db and ets
Master:

{
  ...
  "purpose": "user",
  "tenant": null
}

{
  ...
  "purpose": "user",
  "tenant": null
}

normal:

{
  ...
  "purpose": "user",
  "tenant": id..
}

{
  ...
  "purpose": "user",
  "tenant": id..
}

Thank you in advance

Solution

Thank you there were some problems in my custom plug

Jump to solution

Ash Framework•7mo ago•

4 replies

Shahryar

Claim tenant did not pass validation in multitenancy

Hi, i have multi tendency in my project which let user no tendency or based on his host and put it inside plug

For example

 def call(conn, opts) do
   ...
      {tenant, x_tenant} =
        if check_explicit_no_tenant(conn), do: {nil, "none"}, else: {site.id, site.id}

      conn
      |> Ash.PlugHelpers.set_tenant(tenant)
      |> put_resp_header("x-tenant-id", x_tenant)
      |> assign(:current_site, site)
end

 def call(conn, opts) do
   ...
      {tenant, x_tenant} =
        if check_explicit_no_tenant(conn), do: {nil, "none"}, else: {site.id, site.id}

      conn
      |> Ash.PlugHelpers.set_tenant(tenant)
      |> put_resp_header("x-tenant-id", x_tenant)
      |> assign(:current_site, site)
end

Many actions works with it but when i want to generate token, i have a problem

For example if the tenant is nil i have no problem but if i pass tendency i get this debug

[debug] Claim %{"tenant" => "699debb0-9606-44d3-b824-c6763405cc34"} did not pass validation.
Current time: 1755167657
[debug] forbidden: Forbidden | forbidden

[debug] Claim %{"tenant" => "699debb0-9606-44d3-b824-c6763405cc34"} did not pass validation.
Current time: 1755167657
[debug] forbidden: Forbidden | forbidden

for bypass this in

sign_in_with_password

sign_in_with_password

after i get my data i force it to have tendency

nil

nil

read :sign_in_with_password do
    description "Attempt to sign in using a email and password."
    get? true

    ...

    prepare fn query, _context ->
    query = Ash.Query.set_context(query, %{private: %{ash_authentication?: true}})
    current_tenant = query.tenant

    query =
        if current_tenant,
        do: Ash.Query.filter(query, site_id == ^current_tenant),
        else: Ash.Query.filter(query, is_nil(site_id))

    query |> Ash.Query.load(:site)
    # To make sure all tokens is from none tenant
    Ash.Query.set_tenant(query, nil)
    end

    # validates the provided email and password and generates a token
    prepare AshAuthentication.Strategy.Password.SignInPreparation

  ...
end

read :sign_in_with_password do
    description "Attempt to sign in using a email and password."
    get? true

    ...

    prepare fn query, _context ->
    query = Ash.Query.set_context(query, %{private: %{ash_authentication?: true}})
    current_tenant = query.tenant

    query =
        if current_tenant,
        do: Ash.Query.filter(query, site_id == ^current_tenant),
        else: Ash.Query.filter(query, is_nil(site_id))

    query |> Ash.Query.load(:site)
    # To make sure all tokens is from none tenant
    Ash.Query.set_tenant(query, nil)
    end

    # validates the provided email and password and generates a token
    prepare AshAuthentication.Strategy.Password.SignInPreparation

  ...
end

As you see i did like this

Ash.Query.set_tenant(query, nil)

Ash.Query.set_tenant(query, nil)

{
  ...
  "purpose": "user",
  "tenant": null
}

{
  ...
  "purpose": "user",
  "tenant": null
}

normal:

{
  ...
  "purpose": "user",
  "tenant": id..
}

{
  ...
  "purpose": "user",
  "tenant": id..
}

Thank you in advance

Solution

Thank you there were some problems in my custom plug

Jump to solution

Claim tenant did not pass validation in multitenancy

Claim tenant did not pass validation in multitenancy

Similar Threads

Similar Threads

Similar Threads